PHP Session Expiry

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
chrys
Forum Contributor
Posts: 118
Joined: Tue Oct 04, 2005 9:41 am
Location: West Roxbury, MA (Boston)

PHP Session Expiry

Post by chrys »

Hey, I searched around the web for a while but I did not find anything useful.

The Dilemma
The user has to re-authenticate after 10 or 15 minutes.

The Attempted Fix
ini_set("session.cookie_lifetime", 36000);
ini_set("session.gc_maxlifetime ", 36000);

The Resulting Cookie
Which was set around 9:07 AM on Feb 22

Name: PHPSESSID
Content: 77a4e340ce74c8af9ba7d562fe45141a
Host: my.host.com
Path: /
Expires: Wednesday, February 22, 2006 7:07:21 PM

The Dilemma continues...
The user still has to re-authenticate after 10 or 15 minutes.


Any ideas?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Sounds like your server is set to clear the temp directory used for sessions fairly often. This may, likely is, outside your control. Talk to your host.

I'd suggest using database sessions.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

feyd wrote:I'd suggest using database sessions.
Same here. Its a bit like using a cannon to kill a mosquito, but adodb has a fantastic db-driven session system.

http://phplens.com/lens/adodb/docs-session.htm
User avatar
chrys
Forum Contributor
Posts: 118
Joined: Tue Oct 04, 2005 9:41 am
Location: West Roxbury, MA (Boston)

Post by chrys »

Apparantley we use TMPFS for /tmp/

It is only supposed to get cleared on reboot. Do you guys have any idea where I could search for things being cleared out automatically?
User avatar
chrys
Forum Contributor
Posts: 118
Joined: Tue Oct 04, 2005 9:41 am
Location: West Roxbury, MA (Boston)

Post by chrys »

It actually just occured, so I looked up the session in the /tmp/ directory that corresponded with their session ID and the session exists... the data seems fine within.

Can PHP be having a problem reading the session? I'm really confused.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

chrys wrote:Apparantley we use TMPFS for /tmp/

It is only supposed to get cleared on reboot. Do you guys have any idea where I could search for things being cleared out automatically?
Thats not accurate. /tmp can be cleared at any time, and on a securely configured system, will often be cleared several times a day.
User avatar
chrys
Forum Contributor
Posts: 118
Joined: Tue Oct 04, 2005 9:41 am
Location: West Roxbury, MA (Boston)

Post by chrys »

Roja wrote:
chrys wrote:Apparantley we use TMPFS for /tmp/

It is only supposed to get cleared on reboot. Do you guys have any idea where I could search for things being cleared out automatically?
Thats not accurate. /tmp can be cleared at any time, and on a securely configured system, will often be cleared several times a day.
View my latest post, I checked when the user got "locked out" and the session was still there, they just couldn't log in at this point, they kept getting logged out
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

chrys wrote:View my latest post, I checked when the user got "locked out" and the session was still there, they just couldn't log in at this point, they kept getting logged out
Extremely odd. Check the ownership and permission on the session file.
User avatar
chrys
Forum Contributor
Posts: 118
Joined: Tue Oct 04, 2005 9:41 am
Location: West Roxbury, MA (Boston)

Post by chrys »

Roja wrote:
chrys wrote:View my latest post, I checked when the user got "locked out" and the session was still there, they just couldn't log in at this point, they kept getting logged out
Extremely odd. Check the ownership and permission on the session file.
-rw------- 1 apache apache 724 Feb 23 09:23 sess_0a4a40cb7e7e8ea7ff48508fe395197f
Post Reply